PT-2015-1975 · Django Software Foundation · Django

Lin Hua Cheng · Published 2015-08-18 · Updated 2022-05-17 · CVE-2015-5964

CVSS v4.0: 6.6 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
Name of the Vulnerable Software and Affected Versions: Django versions 1.4.x through 1.4.21; Django versions 1.7.x through 1.7.9

Description: The issue stems from errors in resource management in the contrib.sessions.backends.base.SessionBase.flush and cache_db.SessionStore.flush functions of the Django framework. A remote attacker can exploit it under certain conditions to consume session store resources, causing a denial of service.

Recommendations: For Django versions 1.4.x through 1.4.21, update to version 1.4.22 or later. For Django versions 1.7.x through 1.7.9, update to version 1.7.10 or later.
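The resource-management error described above, modelled as an added example (a constructed toy store and session class, not Django's own code): the pre-fix flush() ends by creating and persisting a fresh empty session, so a request that only flushes still writes a row to the store, while the fixed flush() merely drops the key and leaves creation to the next save().

```python
import secrets

class Store:
    """Minimal in-memory session backend standing in for Django's store."""
    def __init__(self):
        self.rows = {}  # session_key -> persisted session data

class Session:
    """Toy SessionBase; eager_flush=True reproduces the pre-fix flush()."""
    def __init__(self, store, session_key=None, eager_flush=False):
        self.store = store
        self._session_key = session_key
        self._data = dict(store.rows.get(session_key, {}))
        self.eager_flush = eager_flush

    def save(self):
        # A key is minted only here, when there is something to persist.
        if self._session_key is None:
            self._session_key = secrets.token_hex(16)
        self.store.rows[self._session_key] = dict(self._data)

    def create(self):
        # Pre-fix helper: mint a key and write an empty record straight away.
        self._session_key = secrets.token_hex(16)
        self.save()

    def delete(self):
        self.store.rows.pop(self._session_key, None)

    def flush(self):
        # Vulnerable variant: create() persists a new empty row on every flush.
        # Fixed variant: forget the key; nothing is written unless save() runs
        # later because the request actually stored something.
        self._data.clear()
        self.delete()
        if self.eager_flush:
            self.create()
        else:
            self._session_key = None

def rows_after_flushes(n, eager_flush):
    """Rows left in the store after n requests that each flush (e.g. hit
    logout) without ever storing anything in the session."""
    store = Store()
    for _ in range(n):
        Session(store, eager_flush=eager_flush).flush()
    return len(store.rows)
```

With the eager variant the store grows by one empty row per flush; with the fixed variant it stays empty until a session actually has data to save.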

Fix · DoS


Related Identifiers

ALT-PU-2015-1872
BDU:2015-11321
CVE-2015-5964
DLA-301-1
DSA-3338-1
GHSA-X38M-486C-2WR9
MGASA-2015-0327
PYSEC-2015-23
RHSA-2015:1766
RHSA-2015:1767
RHSA-2015:1894
USN-2720-1

Affected Products

Alt Linux
Django
Ubuntu